What is java script, how javascript works?

JavaScript is an object-oriented scripting language used to enable programmatic access to objects within both the client application and other applications. It was developed by Netscape. It allows code to be embedded in HTML pages to add expanded functionality to websites. Java Script is a client-side scripting language, which means the code is compiled and executed on the local client. This makes it vulnerable to being abused for running malicious code on the client as well as access to local files and browser info. For example, an attacker could spoof a web site, lure visitors to the fake site, and have them execute arbitrary Java Script code on their local systems. Another method frequently showing up, especially on the "less legal" areas of the Internet, are small pop-ups that are downsized to go unnoticed to the victim. This allows the Java Script to keep running while the visitor already left the site that popped it up.

By default, a Java Script can access local files and browser windows from the same domain as the script only. Some browsers such as Netscape and Mozilla support signed Java Script scripts. The digital signature is placed in a separate .JAR file that is loaded with the script and allows users to verify the source and integrity of the script. Signed Java Scripts that are accepted by users can lead to additional vulnerabilities because they can be used to request expanded privileges, such as access to the local file system and control over browser instances and settings. Modern browsers warn the users before accepting signed scripts and requests for expanded privileges or block such scripts entirely. Internet Explorer allows users some control over Java Script acceptance by classifying sites into zones. Java Script still requires user intervention before it can do real damage beyond the browser. So the prevention is dependent on user's education and awareness of these risks.